What risks or gaps does the network have in these times when the use of new technologies and social networks is so important? Life without the Internet is virtually unthinkable. In addition to the media, they have become an essential tool for communication and other areas of life, such as the dissemination and consumption of culture from it (also in physical spaces and resources), the exploration of shopping or travel, the use of job search platforms, transfer or payment, etc. The development of new technologies is speeding up and the media cannot be left behind. In exchange for what?
The main cyberattack on the Aiaraldea media occurred in September 2022: We were blocked from the Youtube account as we were hacked with cryptocurrency ads . He was followed by the blocking of the Facebook account or the suspension of the Twitter account. But on September 28, we were not just blocked by the simple Youtube account: In our case, the entire audiovisual public archive of 11 years was suspended. For us this was more serious than seeing the error 'not available' on the web.
The lack of technological sovereignty puts you to the test as a means of communication, your contents are embarked from moment to moment on clouds as well as on the international ignorant, and the key to solving the problem is not in your hands. In our case, we contacted different projects in the Basque Country that have suffered this type of aggression: we received the support of the media in Basque and other projects, but it was not enough. We had to submit two resources to Youtube to take into account our case as soon as possible: being a means of communication in Euskera, it was very clear that the publicity of the cryptototxambres was not that made by Aiaraldea Komunikabideak (without logo, in a language that is not Basque…). The conclusion is clear: without technological sovereignty we are in the hands of multinational companies. But there are alternatives. Peertube for audiovisuals (contains cloud or deposit in the Basque Country), Matomo (free program to avoid Google Analytics)... But while society continues to consume information and life according to these currents, it is difficult to avoid these channels (both on TVs and mobile phones mainly use Youtube, which could probably lead to a reduction in audience or reach). So, rather than focusing on risks, the key is on opportunities and alliances: cyber attacks will not mark our worlds. Let us use these situations to group, support, support and outline new alternatives to communication or communication projects that share objectives and instruments. We have many experiences and possibilities in our environment to get to the new hooks and scare the ghosts.
Izar Mendiguren Cosgaya
The website Argia.eus suffered for three days, starting on July 17, 2022, an anonymous cyberattack of the type DDoS or Distributive Denial of Service. In this type of computer attacks, using bots from multiple Internet addresses, the aim is to disable the server with requests for information. When aggression comes from a single address it is very easy to stop, as it is enough to block the appropriate IP address, but in DDoS type attacks it is difficult to distinguish between normal and aggression traffic, making it difficult to respond.
On July 17, Sunday night, we realized something wasn"t going well. For unexplained reasons, the workload of the server hosting the website increased to levels never seen, so the contents of the website could not be accessed. On Monday morning journalists could not publish the information. Meanwhile, we are trying to find a solution. In the afternoon, although for a moment the web was re-established and the news we had prepared was published, the server fell again.
The problem persisted on Tuesday. We had to make a painful decision to provisionally start the web: Block all IP addresses outside the Spanish State, systematically excluding a group of our readers, those in Iparralde, as well as the diaspora Basques. This was the first effective measure that managed to keep the website up. Then, in an attempt to locate and limit the origin of the aggression, we conducted a series of tests, blocking the traffic in some states, but we did not find a clear answer. After three days of headaches, the blockade was removed on Thursday, July 21 and it was observed that the website was standing. The attack ended.
Such attacks violate the right to information and thus the freedom of all, but we feel the support of our community. As we have said many times, they will not touch us or silence us.
Asier Iturralde Sarasola
On October 11, they attacked the Pantailak Euskaraz e-mail, the Twitter account and the Youtube account. In our Youtube channel and in our Twitter account, many messages and videos related to cryptocurrencies began to appear. We asked computer experts and told us that there was going to be a scam type attack, that we had some computer hacker in, first getting the keys from our accounts, and then publishing their messages. As soon as we were notified that, we erased all these messages, closed all accounts on all devices and restored passwords.
After all this, on 12 October we decided on the problem and the functioning of our accounts returns to normal. But on Thursday, October 13, we were closed with the Twitter account. We are not clear why. According to the message received on Twitter, we were provisionally closed for an “infringement”. As we were told, Twitter could have considered it inadequate and closed the strange messages that appeared on our account. We then process to Twitter the requests for reinstatement through your help section with all the explanations of what happened. The request was reiterated in the following days, but the reply was always the same: “We confirm that you have closed your default account.”
To denounce it, we launched a campaign of signatures on the Avaaz platform, hoping that we could press Twitter and restart the account. In two days we collected over 500 signatures, sent new requests to Twitter but we couldn"t reactivate them. Therefore, we miss the @pantailakeus account (up to 2,800 followers) and we start from scratch by creating the @pantailakeusk account. At the moment we have only recovered half of the followers, which has been a major obstacle to an initiative such as ours that moves mainly on social networks. In addition, at the same time our website fell, we don't know very well why, but we had many technical problems to recover it, we were told there was some other attack or virus. In these difficult conditions we had to deal with the PANTAILALDIA, one of our most important initiatives of the year.
Cybersecurity bases and recommendations for individuals, organisations and small associations
In order to avoid computer aggression and decide what recommendations we should apply, we should first know what cyber attacks are. According to Wikipedia, a cyberattack or computer attack, a computer system (computer, private network, etc.) is an intentional attack aimed at control, destabilisation or damage. But what"s important and what we should understand at the bottom is that an attack of this kind is primarily aimed at access to computer systems. That is, to achieve control on computers and networks by achieving the highest possible level of privileges to subsequently use these devices for different purposes: to steal information, to destabilise the operation of devices, to remove files, etc.
Therefore, the key is to prevent device control and be informed of such attacks so as not to swallow deception. Attacks are usually deceit and traps at first, and once that deceit has occurred and device control has been achieved, they tend towards the real goal.
In addition, it must be borne in mind that there are many kinds of attacks and that there is no single magic solution to deal with them. In addition, like diseases, aggressions are also modified and evolved by aggressors as solutions against them are published. Hence the frequent use of disease metaphors (viruses, mutations, infection, antidotes…).
To name a few types of aggressions, some of the most common are listed below:
Social engineering attacks
When it comes to breaking security, in general, people are the weakest links, and the attack of social engineering is our goal. The psychology and deception of these people is often the framework of play and the point of access and control to devices.
Different tactics are used in this group. To give a few real examples:
- The simplest attack is direct deception. For example, the aggressor who enters a company in the role of a computer technician. The victim offers access to a computer and passwords for maintenance. The aggressor manages to control this device and performs the next attack from home compromising company data. Such cases have also occurred by telephone and internal staff.
- Among the most sophisticated aggressions, the most frequent are the so-called Phising, Smishing… and their similar derivatives. In these attacks they falsify the websites of the services used by the victims (usually bank pages). They build the same copies as these, with their customer points. Thus, through emails or sms that seem authentic, victims are asked to access the web with changes in their services. This message contains links to fake websites where victims click and access users and passwords to send them to aggressors. Yes, yes, online banking users and passwords. Once access to online banking is obtained, they can transfer money and then carry out a type of attack referred to in point 1, in which the aggressor asks the victim for the SMS message code he has received from the real bank from a number that looks like a real bank phone. If the victim provides you with the phone number, you will make the transfer and lose the money.
- There"s another group called malware. In this case it is a program or file designed to obtain control of our computer, but which looks like a real program or file. If we install this program on one of our devices, we just installed it. Suppose that in the network we find the possibility to download for free the installer of an expensive program we want to install (Photoshop, for example). If this program is a malware and we install it on the computer, the attacker will be able to install the tools to get control of our computer. For example, each key we click on our keyboard will be able to send it (keylogger) with the possibility of getting our different password, or we will be installed a program designed to fulfill orders from another computer without us knowing anything. In the latter case, we can say that our computer is a zombie and can be part of a network or army of computers (botnet) made up of millions of computers without the owner of the computer knowing anything. I believe that the type of malware is fundamental to understanding the attack on light.
Brute force attack
In this case, they first collect victim information on the network by all possible means. Google search engines or social networks are often optimal sources of information. They then set the profile of the victim and build passwords with words that can be keywords: name of the dog+year of birth, alias+year of birth, names of the daughters+sons+dates of birth... and test them from one to one against the services the victim uses (social networks, e-post…) until you get the password of one of them and get control of the service. From that moment on, they can start a new attack: spam, information theft, extortion, identity theft…
Distributed Denial of Service Attack (DDoS)
This attack is a coordinated attack on the network of several previously submitted devices. Subordinated devices are said to be in a zombie state and comply with the prescriptions of a device controlled by the aggressor. In addition, the owners of these zombie devices do not know that they are using their device for coordinated attacks and that they are part of a botnet.
Basically, it"s about unusing a network service for a period of time, and for that, all the zombie devices in a botnet demand that service simultaneously or in waves of varying frequency. Upon receiving a number of orders not expected by that website or service and not being able to serve them all, it overflows. It’s like when you want to buy tickets for a special concert from a known music group, the server ticket is blocked because all fans at the same time try to buy tickets. But in this case requests are legitimate and flood visits are expected and avoidable, not in a DDoS attack and seek the same effect.
For those who manage the website or service it is often difficult to distinguish between legitimate and aggressive requests, and these requests are usually filtered, blocked or unusable until the end of the attack.
This type of aggression has recently been suffered by the Light or several instances of Mastodon.
It has recently become a very common attack, particularly in the business world. When the aggressor gets malware access to a device that contains valuable data, the numbers. That is, encrypt with a password. Subsequently, you request an amount from your owner or company in exchange for recovering this data. Usually request payment in cryptototxambres: Bitcoins. If you pay in cryptototxambres, it"s virtually impossible to track and follow them.
In recent times, a new variant of these aggressions is being imposed, in which the aggressors, besides encrypting the data, appropriate a copy. Thus, in addition to the risk of data loss, they threaten to share or sell this data with third parties.
In the face of this aggression, it is essential to have a good copy of data protection and to take measures to prevent the installation of malware.
List of protective measures against:
- Keep the operating system of the devices up to date with the latest security patches.
- If you have an operating system not based on free software, you have the antivirus installed and updated and program periodically to scan your computer. Optionally, use free software, as they are the first to detect security failures and publish updates.
- Check your network points, do your wifi have a secure password? Does the router have access to your admin area with a secure password? If you get control of your access point: the domestic one, the company one -- you"ve been put home.
- Do not install anything foreign to the official websites or certificate: neither minigames, nor demos, nor free programs… Besides filling the space in the system with trash, they are usually very dangerous.
- Periodically, if possible, copy the data and format the disk again by installing and cleaning the operating system.
- Never share your keys with anyone. Neither the ones you use to login, nor the ones you get to the phone through the message.
- Don’t leave the passwords written, either on a paper or in a post-it, etc… Even less in a text file inside the computer. If you have to store them in a file, keep them encrypted.
- Use an appropriate password policy: do not repeat passwords in the same services, which have long and different types of mixed characters, etc.
- Optionally, use a password manager. A program to create and remember passwords, there are many in the market.
- On all external services you use (online services, social networks such as Youtube or Twitter, Gmail email service, etc. ), 2FA or two-factor authentication. In addition to the password, you will add a new security layer to the service. It is currently a minimum necessary to activate it in many organisations and companies. If you"re a partnership or an organization, this should be a minimum.
- Don"t open any additional content or links that may contain an email you don"t know until you check its origin and know it"s good. If you don"t expect it, always be clear.
- If you are sent an e-mail from your bank telling you that you need to change your password, you manage it by type and click it if there is a link. Call the bank and check that they really ask for it, if so, type directly into the browser or Google your bank address and access it.
- If, as in the case above, you get an sms message indicating that you need to change your password or perform another management, and if there is a link, never click it. See how the address begins, whether it"s a fake address or not, whether it can have signs of no.
- Our language is very helpful in detecting whether phising is an attack or not. If you have care in Basque at your bank or any other service, your messages will reach at least in Basque. If you"re in Basque, you"re more likely to trust, but don"t open links like this that you"ve never asked for.
- Always use Web addresses with HTTPS connections (padlock seen in the address bar).
Additional protection measures for those with computer systems in the associative structures:
- If you have a local network, monitor the access (through the firewall) and the toponymy of the network by fragmenting the different sectors, performing a proper backup policy and generating redundancy in both data and services.
- Remember that nowadays we use more and more digital devices, not only computers (routers wifi, mobiles, televisions, voice speakers, cars, refrigerators, plugs…). As already mentioned, it is important to make software updates and keep everyone. Also analyse connection points and, if possible, fragment the network to isolate potentially dangerous devices.
Some lines on the aggressions that have occurred in our environment in recent times
The cases of Aiaraldea Komunikabideak and Pantailak Euskaraz are probably the result of an attack started with malware. And that is, the aggressor got the accesses to the social networks and the most known social networks today are prepared not to use brute force. Therefore, surely the aggressor could have installed an unnecessary program and managed to control a computer of these agents, using password acquisition techniques and spying on victims in the worst case. Once you get passwords (victims may have used the same password on different social networks), the aggressor used them to advertise or spam cryptototxambres.
The DDoS attack on the Argia.eus page occurred through a zombie army or a botnet network, made up of several computers that have been victims of a malware attack. The aim of the aggressor was to leave Argia out of service and to do so the thousands of computers in charge (could be millions) were ordered to open the Web page of the Light simultaneously. These zombie devices made requests without their real owner noticing anything, and the servers of Argia were filled with requests and drowned.